archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8258915: Temporary buffer cleanup

Browse source 
Reviewed-by: valeriep
This commit is contained in:
Weijun Wang 2021-04-22 18:11:43 +00:00
parent 31d8a19e47
commit f834557ae0
79 changed files with 1517 additions and 1039 deletions
Download patch file Download diff file Expand all files Collapse all files

26
src/java.base/share/classes/sun/security/rsa/RSAKeyFactory.java
View file

@ -30,6 +30,7 @@ import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.util.Arrays;
import sun.security.action.GetPropertyAction;
import sun.security.rsa.RSAUtil.KeyType;
@ -308,8 +309,14 @@ public class RSAKeyFactory extends KeyFactorySpi {
throw new InvalidKeyException("Invalid key", e);
}
} else {
return RSAPrivateCrtKeyImpl.newKey(type, key.getFormat(),
key.getEncoded());
byte[] encoded = key.getEncoded();
try {
return RSAPrivateCrtKeyImpl.newKey(type, key.getFormat(), encoded);
} finally {
if (encoded != null) {
Arrays.fill(encoded, (byte)0);
}
}
}
}
@ -340,8 +347,12 @@ public class RSAKeyFactory extends KeyFactorySpi {
private PrivateKey generatePrivate(KeySpec keySpec)
throws GeneralSecurityException {
if (keySpec instanceof PKCS8EncodedKeySpec) {
return RSAPrivateCrtKeyImpl.newKey(type, "PKCS#8",
((PKCS8EncodedKeySpec)keySpec).getEncoded());
byte[] encoded = ((PKCS8EncodedKeySpec)keySpec).getEncoded();
try {
return RSAPrivateCrtKeyImpl.newKey(type, "PKCS#8", encoded);
} finally {
Arrays.fill(encoded, (byte)0);
}
} else if (keySpec instanceof RSAPrivateCrtKeySpec) {
RSAPrivateCrtKeySpec rsaSpec = (RSAPrivateCrtKeySpec)keySpec;
try {
@ -404,7 +415,12 @@ public class RSAKeyFactory extends KeyFactorySpi {
}
} else if (key instanceof RSAPrivateKey) {
if (keySpec.isAssignableFrom(PKCS8_KEYSPEC_CLS)) {
return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
byte[] encoded = key.getEncoded();
try {
return keySpec.cast(new PKCS8EncodedKeySpec(encoded));
} finally {
Arrays.fill(encoded, (byte)0);
}
} else if (keySpec.isAssignableFrom(RSA_PRIVCRT_KEYSPEC_CLS)) {
// All supported keyspecs (other than PKCS8_KEYSPEC_CLS) descend from RSA_PRIVCRT_KEYSPEC_CLS
if (key instanceof RSAPrivateCrtKey) {

95
src/java.base/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
View file

@ -31,6 +31,7 @@ import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import java.util.Arrays;
import sun.security.util.*;
@ -192,20 +193,44 @@ public final class RSAPrivateCrtKeyImpl
this.keyParams = keyParams;
try {
// generate the key encoding
DerOutputStream out = new DerOutputStream();
byte[][] nbytes = new byte[8][];
nbytes[0] = n.toByteArray();
nbytes[1] = e.toByteArray();
nbytes[2] = d.toByteArray();
nbytes[3] = p.toByteArray();
nbytes[4] = q.toByteArray();
nbytes[5] = pe.toByteArray();
nbytes[6] = qe.toByteArray();
nbytes[7] = coeff.toByteArray();
// Initiate with a big enough size so there's no need to
// reallocate memory later and thus can be cleaned up
// reliably.
DerOutputStream out = new DerOutputStream(
nbytes[0].length + nbytes[1].length +
nbytes[2].length + nbytes[3].length +
nbytes[4].length + nbytes[5].length +
nbytes[6].length + nbytes[7].length +
100); // Enough for version(3) and 8 tag+length(3 or 4)
out.putInteger(0); // version must be 0
out.putInteger(n);
out.putInteger(e);
out.putInteger(d);
out.putInteger(p);
out.putInteger(q);
out.putInteger(pe);
out.putInteger(qe);
out.putInteger(coeff);
DerValue val =
new DerValue(DerValue.tag_Sequence, out.toByteArray());
out.putInteger(nbytes[0]);
out.putInteger(nbytes[1]);
out.putInteger(nbytes[2]);
out.putInteger(nbytes[3]);
out.putInteger(nbytes[4]);
out.putInteger(nbytes[5]);
out.putInteger(nbytes[6]);
out.putInteger(nbytes[7]);
// Private values from [2] on.
Arrays.fill(nbytes[2], (byte)0);
Arrays.fill(nbytes[3], (byte)0);
Arrays.fill(nbytes[4], (byte)0);
Arrays.fill(nbytes[5], (byte)0);
Arrays.fill(nbytes[6], (byte)0);
Arrays.fill(nbytes[7], (byte)0);
DerValue val = DerValue.wrap(DerValue.tag_Sequence, out);
key = val.toByteArray();
val.clear();
} catch (IOException exc) {
// should never occur
throw new InvalidKeyException(exc);
@ -285,29 +310,33 @@ public final class RSAPrivateCrtKeyImpl
// e, d, p, q, pe, qe, and coeff, and return the parsed components.
private static BigInteger[] parseASN1(byte[] raw) throws IOException {
DerValue derValue = new DerValue(raw);
if (derValue.tag != DerValue.tag_Sequence) {
throw new IOException("Not a SEQUENCE");
}
int version = derValue.data.getInteger();
if (version != 0) {
throw new IOException("Version must be 0");
}
try {
if (derValue.tag != DerValue.tag_Sequence) {
throw new IOException("Not a SEQUENCE");
}
int version = derValue.data.getInteger();
if (version != 0) {
throw new IOException("Version must be 0");
}
BigInteger[] result = new BigInteger[8]; // n, e, d, p, q, pe, qe, coeff
/*
* Some implementations do not correctly encode ASN.1 INTEGER values
* in 2's complement format, resulting in a negative integer when
* decoded. Correct the error by converting it to a positive integer.
*
* See CR 6255949
*/
for (int i = 0; i < result.length; i++) {
result[i] = derValue.data.getPositiveBigInteger();
BigInteger[] result = new BigInteger[8]; // n, e, d, p, q, pe, qe, coeff
/*
* Some implementations do not correctly encode ASN.1 INTEGER values
* in 2's complement format, resulting in a negative integer when
* decoded. Correct the error by converting it to a positive integer.
*
* See CR 6255949
*/
for (int i = 0; i < result.length; i++) {
result[i] = derValue.data.getPositiveBigInteger();
}
if (derValue.data.available() != 0) {
throw new IOException("Extra data available");
}
return result;
} finally {
derValue.clear();
}
if (derValue.data.available() != 0) {
throw new IOException("Extra data available");
}
return result;
}
private void parseKeyBits() throws InvalidKeyException {

19
src/java.base/share/classes/sun/security/rsa/RSAPrivateKeyImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@ import java.math.BigInteger;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import java.security.interfaces.*;
import java.util.Arrays;
import sun.security.util.*;
import sun.security.pkcs.PKCS8Key;
@ -90,19 +91,25 @@ public final class RSAPrivateKeyImpl extends PKCS8Key implements RSAPrivateKey {
try {
// generate the key encoding
DerOutputStream out = new DerOutputStream();
byte[] nbytes = n.toByteArray();
byte[] dbytes = d.toByteArray();
DerOutputStream out = new DerOutputStream(
nbytes.length + dbytes.length + 50);
// Enough for 7 zeroes (21) and 2 tag+length(4)
out.putInteger(0); // version must be 0
out.putInteger(n);
out.putInteger(nbytes);
Arrays.fill(nbytes, (byte)0);
out.putInteger(0);
out.putInteger(d);
out.putInteger(dbytes);
Arrays.fill(dbytes, (byte)0);
out.putInteger(0);
out.putInteger(0);
out.putInteger(0);
out.putInteger(0);
out.putInteger(0);
DerValue val =
new DerValue(DerValue.tag_Sequence, out.toByteArray());
DerValue val = DerValue.wrap(DerValue.tag_Sequence, out);
key = val.toByteArray();
val.clear();
} catch (IOException exc) {
// should never occur
throw new InvalidKeyException(exc);